[Icecast] No PRNG seed configured. PRNG is insecure.

Philipp Schafft phschafft at de.loewenfelsen.net
Wed Aug 10 09:19:03 UTC 2022 

Good morning,

On Wed, 2022-08-10 at 11:01 +1000, Damian wrote:
> Could anyone point me to the most relevant docs / discussion on line
> for this topic? Can’t find any docs at https://icecast.org/ 
> regarding this. 

There is hardly anything as this setting was mostly superseded by the
use of libigloo. Which happened since the last beta (while super
stable, it's still a beta after all for exactly this type of reasons
:).

Adding the "linux" profile as you did should do the trick just fine for
the version you are running.

Also this is not really TLS related. This is for everything that needs
random numbers that is not TLS. (And therefore also applies to non-TLS
builds).


With best regards,


> > On 8 Aug 2022, at 21:50AEST, Damian <db76 at riseup.net> wrote:
> > 
> > Okay, so I feel pretty silly right now because I found the PRNG
> > config settings at the bottom of the icecast.xml file.
> > I uncommented the following two lines (which I think is the correct
> > thing to do) but I am not confident. 
> > Regardless, I don’t get any more error massage. 
> > 
> > <prng-seed type="read-write" size="1024">/var/cache/icecast.prng-
> > seed</prng-seed>
> > <prng-seed type="profile">linux</prng-seed>
> > 
> > Can anyone confirm whether I am on the right track and whether the
> > other two PRNG settings are also necessary?
> > 
> > I am running icecast 2.5 on Debian 10
> > 
> > Damian 
> > 
> > 
> > > On 6 Aug 2022, at 17:31AEST, Damian <db76 at riseup.net> wrote:
> > > 
> > > Hi,
> > > 
> > > I am migrating from icecast 2.4.4 and testing version 2.5.
> > > I have installed on Debian 10 via source. Everything is working,
> > > although I can see in the Icecast admin page and also in the logs
> > > the following message:
> > > 
> > > No PRNG seed configured. PRNG is insecure
> > > 
> > > I am not sure how to troubleshoot this, so any pointers would be
> > > greatly appreciated.
> > > This looks to be related to TSL/SSL. I have the public and
> > > private parts of my key together in a PEM, if this helps with
> > > diagnosing the issue.


-- 
Philipp Schafft (CEO/Geschäftsführer) 
Telephon:  +49.3535 490 17 92
Website:   https://www.loewenfelsen.net/
Follow us: https://www.linkedin.com/company/loewenfelsen/

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220810/53314db0/attachment.sig>

More information about the Icecast mailing list